<? include("header.php") ?>
<?php
if ( @$_SESSION['seslogin'] == true )
{
	header("Location: admin.php?mod=Index");
	die();
}
$strErr = "";

if ( @$_POST['cmdSubmit'] != '' )
{
	//get username and pwd
	$username = (!get_magic_quotes_gpc()) ? addslashes(@$_POST['txtUsername']) : @$_POST['txtUsername'];
	$pwd = (!get_magic_quotes_gpc()) ? addslashes(@$_POST['txtPwd']) : @$_POST['txtPwd'];
	//
	$sql = "SELECT um_user.* FROM um_user WHERE um_user.username='$username'";
	$rs = $link->execute($sql);

	if	( !$rs->EOF )
	{
		if ( $rs->fields('pwd') == md5($pwd) )
		{
			$_SESSION['seslogin'] = true;
			$_SESSION['sesgod'] = $rs->fields('god');
			$_SESSION['sesusername'] = $rs->fields('username');
			
			$sql = "select * from um_group where gid=" . $rs->fields('gno');
			$rs_t = $link->execute($sql);
			
			if ( !$rs_t->EOF )
			{
				$_SESSION['sesgname'] = $rs_t->fields('gname');
				$_SESSION['sesgid'] = $rs_t->fields('gid');	
			}
			else
			{
				$_SESSION['sesgname'] = "-- NONE --";
				$_SESSION['sesgid'] = -1;				
			}

			//redirect other page
			$rs->close();
			echo '
			<br><br><br><br><br><br>
			<center>Bạn đã đăng nhập thành công
			<br><br>
			<a href="admin.php?mod=Index" style="font-size: 14px; color: #cc6600; font-weight:bold;">Quản lý website &raquo;</a><br /><br /><img width="25" height="25" src="images/vscms.gif" border="0" align="absmiddle">
			<br><br>Vui lòng chờ trong giây lát...<r><br><br><meta http-equiv="refresh" content="2;URL=admin.php?mod=Index"></center>
';
			include('footer.php');
			die();			
		}
		else
		{
			$strErr = "Mật khẩu không chính xác !";
		}
	}
	else
	{
		$strErr = "Tên đăng nhập không chính xác !";
	}
}

?>
<!-- LOGIN >> -->
<script language="javascript">
function ValidateDate()
{
	if ( document.all['frmLogin'].txtUsername.value == '' )
	{
		alert('Chua nhap vao ten dang nhap !');
		document.all['frmLogin'].txtUsername.focus();
		return false;
	}
	
	if ( document.all['frmLogin'].txtPwd.value == '' )
	{
		alert('Chua nhap vao mat khau !');
		document.all['frmLogin'].txtPwd.focus();
		return false;
	}
	
	return true;
}
</script>
<?php

if ( $strErr != "" )
	echo '<div align="center" class="clsError">' . $strErr . '</div>';

?>
<br>
<br>
<br>
<br>
<table width="100%" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr>
    <td align="center" valign="top">
<form action="<?= basename(__FILE__) ?>" method="post" name="frmLogin" onSubmit="return ValidateDate()">
<table width="400" border="0" cellspacing="0" cellpadding="0" style="border: 1px outset #000066" align="center">
    <tr>
            <td><table width="100%"  border="0" cellspacing="0" cellpadding="0">
                <tr>
                  
            <td height="30" style="border: 1px outset;color:#FFFFFF;font-weight:bold" bgcolor="#336699">&nbsp;Đăng nhập hệ thống</td>
                </tr>
            </table></td>
    </tr>
          <tr>
            <td>
        <table width="100%"  border="0" cellspacing="0" cellpadding="0">
          <tr> 
            <td colspan="2">&nbsp;</td>
            <td>&nbsp;</td>
          </tr>
          <tr> 
            <td rowspan="2" align="center" valign="middle"><img src="images/security.gif" width="69" height="52"></td>
            <td>Tên đăng nhập</td>
            <td>&nbsp; 
              <input class="vsinput" name="txtUsername" type="text" style="background-color: #cbdbef" size="30" maxlength="15">
            </td>
          </tr>
          <tr> 
            <td>Mật khẩu</td>
            <td>&nbsp; 
              <input class="vsinput" name="txtPwd" type="password" style="background-color: #cbdbef" size="30" maxlength="15">
            </td>
          </tr>
          <tr> 
            <td colspan="2">&nbsp;</td>
            <td>&nbsp;</td>
          </tr>
          <tr> 
            <td height="40" bgcolor="#000066" style="border:1px inset" colspan="3" align="right"> 
              <input name="cmdSubmit" type="submit" value="&#272;&#259;ng nh&#7853;p &raquo;">
              &nbsp;</td>
          </tr>
        </table>
      </td>
          </tr>
        </table>
		</form>	
	</td>
  </tr>
</table>
<script language="javascript">document.all['txtUsername'].focus();</script>
<br>
<br>
<br>
<br>
<!-- << LOGIN -->
<?php
	include("footer.php");
?>